package jdbc;

import java.sql.*;
/**
 * Login demo: the user-supplied username and password are bound as
 * PreparedStatement parameters instead of being concatenated into the SQL
 * text, which is what defeats the classic injection input noted in main().
 */
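public class JDBCDemo7 {
    /**
     * Reads a username/password from the console helper, looks the pair up in
     * {@code userinfo} with a parameterised query and prints whether a row matched.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        UserInfo userInfo = InputUtil.getInputObject(new UserInfo(), "欢迎登录！", "登录");
        // NOTE(review): if UserInfo.toString() includes the password this echoes a
        // secret to stdout — confirm before using outside a demo.
        System.out.println(userInfo);
        /*
         * Sample injection payload for the password field. It is harmless here
         * because setString() binds it as a value; it never becomes SQL text:
         *   a'OR'1'='1
         */

        // NOTE(review): the query compares the raw submitted password with the stored
        // `password` column, which implies plaintext storage unless UserInfo/DBUtil
        // hash it first. A real login should store a salted hash (bcrypt/scrypt/argon2)
        // and verify it in Java rather than in the WHERE clause.
        String sql = "SELECT username,password\n" +
                "            FROM userinfo \n" +
                "            WHERE username=? AND password=?";

        // Connection, PreparedStatement and ResultSet are all AutoCloseable; the
        // original closed only the Connection and leaked ps/rs on the error path.
        try (Connection connection = DBUtil.getConnection();          // obtain connection to the login DB
             PreparedStatement ps = connection.prepareStatement(sql)) { // precompiled SQL, placeholders only
            ps.setString(1, userInfo.getUsername());
            ps.setString(2, userInfo.getPassword());
            try (ResultSet rs = ps.executeQuery()) {
                // Any matching row means the credential pair exists.
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo-only: a real application would log this (without the credentials)
            // instead of dumping the trace to stderr.
            e.printStackTrace();
        }
    }
}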
